Calling all experienced network managers - VPN



echothreezero
17-03-2008, 12:28 PM
Hi,

At my workplace we don't have an IT person. Because I was sick of watching my boss paying through the nose for the nearest IT company to travel 20mins to the office every time a network switch needed rebooting, I kind of took on the IT role at the company in addition to my normal duties. I have no training, just self-taught limited experience.

Cut to the chase - we want to set up a VPN so we can work from home. The IT manager at our parent company in Auckland tells us:

1) It is too expensive
2) It would take a lot of his time to implement
3) There is a significant security risk to manage
4) Our internet speed for workers at the office would be significantly impaired.

Can someone please confirm or deny this? I suspect that it is a little over his head (I am sceptical of his experience level) and is just bluffing out of doing it.

We have 8+ work stations, and a central file server running Business Server 2003. We have several applications that run on the server with client access. Networking is a star config running on a workgroup rather than a domain.

We would have a maximum of 3 employees working at home at any one time. Ideally they would be able to use the apps that have client access, but at the very least we would want them to have access to the file server.

I have no experience running a VPN, but it doesn't seem as hard as the network manager makes out.

Cheers

Graham

CYaBro
17-03-2008, 12:46 PM
Well if it is Small Business Server 2003 then this has VPN / Remote Access built in. Only need to open a port on the router to allow VPN access.
Not very expensive at all.

It can be a security risk as you are allowing people's home computers onto your business network and you don't know what viruses etc may be on them.
Make sure anyone who wants to work from home has up-to-date antivirus software etc.
Also best if the SBS2003 box has two network cards in it but not essential.

Do the users, that will work from home, have their own workstation in the office or are they shared?
The reason is because the best way to work remotely would be to use Remote Desktop and log in to their own machine in the office. Then it is like they are sitting in front of their office machine and can do anything that they would normally do and this doesn't use much internet bandwidth at all.
The only problem with this is that, while someone is logged in remotely to a workstation, you can't use it locally as the screen is locked.

Trying to run applications, on the remote users home PC, that access data on the office server over a VPN connection would be slow and use a lot more bandwidth than the remote desktop.

nofam
17-03-2008, 12:59 PM
Hi echothreezero,

VPNs aren't difficult at all really, provided your router supports it. Ideally, you'd want a router that supports IPsec. You then assign that router a static external IP address that your client (home PC) points to, and set up the VPN connection on each client.

That's a simplification, but essentially, that's how it works. As for price, we just put a Cisco ADSL router in to connect two branches, and that was around $450 + GST. As for security, as long as you accept nothing on the internet is REALLY secure, it's still pretty safe. And I can't see how having a VPN would impair your web traffic speed, unless you had multiple users on it all day. And if it became a concern, you could use QoS to implement some traffic shaping.

HTH

CYaBro
17-03-2008, 01:05 PM
No need for a static IP address, just use No-IP.com and the free software they supply. I have about a dozen clients who use this and have never had a problem.
If you already have a static IP then use that instead :lol:

nofam
17-03-2008, 02:02 PM
Great point CYaBro - must remember that!! :clap

ughnz
17-03-2008, 04:54 PM
Most routers these days even support the likes of dyndns in the firmware so no software required.

somebody
17-03-2008, 06:47 PM
What sort of internet connection does your business have?
What sort of business are you - i.e. will you be in big big trouble if someone got hold of some of your files?
What sort of internet connection do your workers have at home?

echothreezero
18-03-2008, 09:00 AM
Thanks so far - I have used the information in this post to show the office manager that our Network Manager is probably bluffing and he has given me the mandate to research it further and come up with an implementation plan and usage policy. So I will probably be back with more questions once I get started (I'm a little swamped with regular work at the moment).

To answer the above questions:

We have a pretty good broadband connection with a static IP. (We get 5600kb/s down and 600kb/s up which is good up here in the far north).

We are an engineering and consultancy firm. We don't hold national secrets, but we do have open files on many large-scale developments, and fee information which we would not like public for confidentiality and competitive reasons.

Workers have standard 2mbit down 128K up broadband connections.

somebody
18-03-2008, 12:08 PM
Ok. The reason I ask, is that you need to be aware of how much bandwidth simultaneously open RDP or similar sessions will use up. I don't have the figures unfortunately, but you certainly need to think about that, and how it'll affect the upstream internet speed for other users in the office.

An organisation I worked for used an RSA key dongle setup, to provide two factor authentication for their VPN. This firm was very large, and had a certain reputation to preserve, as well as confidential client files which while not "national secrets", would destroy millions of dollars worth of contracts if they got leaked out.

ziph
18-03-2008, 11:35 PM
Just use Hamachi to set up an instant VPN. I use it all the time to work not only from home, but anywhere I am connected. Oh, and the basic version is free.